While the advantages of allowing access to social media sites while at work typically outweigh the potential hazards for most organizations, social media use does pose a number of security risks to your company. Learning the best ways to avoid compromising your organization’s security is crucial!
For employers who allow or encourage employees to utilize social media at work, the benefits are clear: employees are more apt to engage in wellness programs and stay informed about employee benefits, more likely to provide feedback, and often feel as though they are part of a community and involved in your organization’s corporate culture.
So, what are the most common risks associated with social media use?
Risk: As the prevalence of smartphones increases, the number of people who access social media on their mobile devices is expected to grow. This brings unique challenges to organizations that issue company phones or allow employee phones to connect to their wireless networks.
Mobile devices are susceptible to attacks from malicious downloaded applications (apps) and if the phone has access to your network, your company’s security could be at risk.
Risk Prevention: Instituting a policy that bans employees from downloading any third-party apps on company phones may lower your exposure, but may also negate most of the advantage of supplying your employees with smartphones. Alternatively, you could provide a list of pre-approved apps that employees are allowed to download to their employer-supplied smartphones and approve others upon request.
You may also wish to implement a policy that prohibits employees from accessing your company’s wireless network with their personal smartphone, as it could cause a breach in security. Another option is to create a separate wireless network that is intended specifically for employee smartphone use. This will allow employees to use their smartphones as they desire without placing your organization’s other networks at risk.
Risk: Email has long been a favored medium for scam artists to steal a person’s identity or money. Now many of these con artists are setting up false social media accounts and targeting individuals they think will give them the personal or corporate information required to exploit the individual or employer.
New research suggests that individuals are far more likely to trust a person that contacts them via a social networking site rather than email. This poses a threat to many organizations as there have been incidents where employees are tricked into offering up proprietary information, trade secrets or access to company networks.
Risk Prevention: Employee education is key to thwarting any social engineering attempt. Do not assume that all employees know better than to give up the username or password to their account until the requestor provides sufficient credentials. Offer in-depth IT training and keep employees informed of the latest scams and phishing attempts.
Social Networking Sites
Risk: While social networking sites such as Facebook, Twitter, Google+ and LinkedIn are all secure sites, any third-party content contained on those sites has the potential to contain malicious software. Every link, application or advertisement could breach your security if accessed on a computer connected to your organization’s network.
Due to link-shortening services, which are especially popular on Twitter, it is not always clear where a link is taking you. These condensed links can direct employees to malicious Internet sites that extract personal and corporate data.
Risk Prevention: Employee education is again the best defense against these types of attacks.
During IT training, be sure to teach employees not to use applications, such as games, on any social media site or to click on advertisements while on a work computer.
Also consider introducing your employees to a URL decoder that can expand shortened links. This will allow them to see where the link will take them prior to clicking on it.
Protecting your office’s digital security is a priority, but make sure this protection extends to those employees outside the office. Those working from remote or from home need to be informed about digital threats and to take similar steps to protect their home offices as well!
For more information about how to keep your employees safe,
subscribe to our blog and contact the professionals at Beimdiek!